Vulnerability Description
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Linux | 5.0 |
| Oracle | Solaris | 10 |
| Oracle | Vm Server | 3.2 |
| Isc | Bind | 8.4.7 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174143.h
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.h
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.h
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174520.h
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html
- http://marc.info/?l=bugtraq&m=145680832702035&w=2Third Party Advisory
- http://packetstormsecurity.com/files/134882/FreeBSD-Security-Advisory-BIND-Denia
- http://rhn.redhat.com/errata/RHSA-2015-2655.html
- http://rhn.redhat.com/errata/RHSA-2015-2656.html
FAQ
What is CVE-2015-8000?
CVE-2015-8000 is a vulnerability with a CVSS score of 5.0 (MEDIUM). db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribu...
How severe is CVE-2015-8000?
CVE-2015-8000 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8000?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Linux, Oracle Solaris, Oracle Vm Server, Isc Bind.